Hello there, In today's issue of Secret CISO, we delve into the world of data breaches and security settlements.

AT&T has agreed to a whopping $13 million settlement over a data breach that occurred in 2023. The breach, traced back to one of its third-party cloud vendors, has raised questions about the adequacy of the fine in resolving the issue. Meanwhile, genetic testing company 23andMe has agreed to a $30 million settlement over a data breach that targeted Jewish and Chinese users.

The breach was revealed when a hacker published a link to a database labeled 'Ashkenazi DNA Data of...' In other news, security breaches are on the rise, with the number of notified data breaches in Australia in the first half of 2024 at its highest in three and a half years. This comes as a researcher from security vendor AppOmni uncovered more than 1000 ServiceNow instances that have been exposing Knowledge Base data.

On the tech front, Proofpoint is doubling down on partner services, AI, and data security with an array of updates aimed at enhancing data protection and AI security capabilities. Stay tuned for more updates on these stories and other top cybersecurity news in today's issue of Secret CISO. Stay safe, stay informed.

Data Breaches

1. AT&T to Pay $13 Million in Settlement Over 2023 Data Breach: AT&T has agreed to pay $13 million in a settlement with the FCC over a 2023 data breach at a third-party vendor's cloud environment. The breach resulted in the theft of information related to more than its customers. Source: SecurityWeek
2. 23andMe agrees to $30M settlement over data breach targeting Jewish and Chinese users: Genetic testing company 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that targeted Jewish and Chinese users. The breach was revealed when a hacker published a link to a database labeled 'Ashkenazi DNA Data'. Source: Times of Israel
3. Government data breaches have increased this year: OAIC: New statistics show the number of notified data breaches in Australia in the first half of 2024 was at its highest in three and a half years. The report did not specify the exact number of breaches or the sectors affected. Source: GovTech Review
4. Temu denies breach after hacker claims theft of 87 million data records: Temu, a tech company, has denied it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of its users. The company has not provided further details about the alleged breach. Source: Bleeping Computer
5. Fortinet Mid-September Data Breach Advisory: Cybersecurity company Fortinet has issued an advisory about a data breach that occurred in mid-September. The company has not disclosed the number of affected users or the nature of the data compromised. Source: Security Boulevard

Security Research

1. St. Clair County Response to Voter Data Unsecured by Contractor: St. Clair County is reviewing its security policies after an Illinois elections company's records, including Social Security numbers, were found available online. The county is taking steps to prevent such incidents in the future. Source: Belleville News-Democrat
2. Explosive Pagers Used by Hezbollah Modified by Israel: According to a senior source, 5000 beepers ordered by the militant group Hezbollah were modified by Israel at the production level. The beepers were made in Europe under license from Taiwan-based Gold Apollo. Source: Sky News
3. Addressing Evolving Challenges to Research Security in the Age of AI: A Times Higher Education webinar discussed the strengthening of research security in the face of rapid technological changes. The on-demand video is available for those interested in understanding the evolving challenges in research security. Source: Times Higher Education
4. Data Center Security Business Research Report 2023-2030: The report focuses on the accelerating demand for comprehensive solutions in multi-cloud security. It provides insights into the future of data center security business from 2023 to 2030. Source: Yahoo Finance
5. Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution: Security researchers zbl and srs of team TZL have discovered and reported two flaws in VMware vCenter. A patch has been issued to prevent potential remote code execution. Source: The Hacker News

Top CVEs

1. CVE-2024-37985 - Windows Kernel Information Disclosure: This vulnerability in Windows Kernel could lead to information disclosure, potentially exposing sensitive data. The flaw is due to improper handling of objects in memory. Source: vulners.com
2. CVE-2024-38812 - vCenter Server Heap-Overflow Vulnerability: A heap-overflow vulnerability has been identified in the vCenter Server's implementation of the DCERPC protocol. A malicious actor with network access could potentially trigger this vulnerability, leading to remote code execution. Source: vulners.com
3. CVE-2024-21743 - Privilege Escalation in favethemes Houzez Login Register: This vulnerability allows for privilege escalation in the Houzez Login Register due to improper handling of user privileges. Source: vulners.com
4. CVE-2021-27916 - Relative Path Traversal/Arbitrary File Deletion in Mautic (GrapesJS Builder): Logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. Source: vulners.com
5. CVE-2024-38813 - vCenter Server Privilege Escalation Vulnerability: The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root. Source: vulners.com

API Security

1. Backstage Plugin Catalog Backend Prototype Pollution Vulnerability: A security flaw was found in the Backstage plugin catalog backend, where a malicious actor with authenticated access could interrupt the service using a specially crafted query to the catalog API. This issue has been resolved in the 1.26.0 release of the package. Source: Vulners
2. Backstage Catalog Backend Plugin Vulnerability: Backstage, an open framework for building developer portals, was found to have a vulnerability. A malicious actor with authenticated access could interrupt the service using a specially crafted query to the catalog API. This has been fixed in the 1.26.0 release of the @backstage/plugin-catalog-backend. Source: Vulners
3. vLLM Denial of Service via the best_of parameter: A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API could lead to a Denial of Service (DoS). The API does not handle timeouts or resource exhaustion properly when this parameter is set to a large value, allowing an attacker to cause a DoS by consuming excessive system resources. Source: Vulners
4. vLLM Denial of Service Vulnerability: A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. Source: Vulners
5. vLLM API Denial of Service Vulnerability: A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API could lead to a Denial of Service (DoS). When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. Source: Vulners

Sponsored by Wallarm API Security Solution

Final Words

And that's a wrap for today's edition of the Secret CISO newsletter. We've covered a lot of ground, from AT&T's hefty $13 million settlement over a 2023 data breach to the rise in security breaches and the importance of data security. Remember, in the world of cybersecurity, knowledge is power. So, stay informed, stay secure. If you found this newsletter helpful, please consider sharing it with your friends and colleagues. Let's work together to create a safer digital world.

Until next time, stay vigilant and keep those data fortresses secure. Remember, the secret to cybersecurity is always staying one step ahead.